BUBBLES Logo BLACK

Privacy Policy

This Privacy Policy has been duly adopted by SIS Industries OOD and is effective as of 31 July 2025. Please note that this Privacy Policy will be regularly updated to reflect changes in how we process your personal data and any amendments to applicable legislation.

We apply this Privacy Policy to personal data collected from you through our website www.minkovbrothers.bg. For the purpose of providing the services on www.minkovbrothers.bg, SIS Industries OOD, UIC (ЕИК): 040275584, with registered office and address of management: 77 James Bourchier Blvd., 2nd floor, 1407 Sofia, Bulgaria, processes personal data in accordance with this Privacy Policy. In processing personal data, www.bubbles.bg complies with all data protection laws applicable to its activities, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

The GDPR has direct effect and serves as a framework (omnibus) law which, to some extent, envisages amendments to Member States’ legislation in the field of data protection and allows for specific provisions to tailor the application of its rules. Its purpose is to protect the rights and freedoms of natural persons and to ensure that personal data are not processed without their knowledge and, where necessary, are processed with their consent.

The protection of personal data is of great importance to SIS Industries OOD, and we want the processing of your personal data to be fully transparent to you. For this reason, we have adopted a policy that sets out how your personal data will be processed and protected.

Key Definitions

  • Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Special categories of personal data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
  • Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law.
  • Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Data subject – any living individual who is the subject of personal data held by the controller.
  • Consent of the data subject – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or Member State law are not regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

(See Article 4 GDPR for the official definitions.)

This Policy explains how we process your personal data, what your rights are, and how the law protects you and your data. This website is not intended for individuals under 18 years of age. We do not intentionally collect or retain information about individuals under 18.

Legal Framework

Respecting the confidentiality and protection of your personal data is important to us and is taken into account in all our business relationships. We always act in accordance with the provisions of the Bulgarian Personal Data Protection Act and the GDPR. Over time, it may be necessary to amend this Privacy Policy; where appropriate, we will notify you each time we make a change. We may ask you to accept the changes or renew your consent for the use of your personal data.

Data We Collect

Data you share with us:

  • In e-mails or letters you send to us;
  • In forms you complete and submit in relation to our products;
  • In feedback you provide to us;
  • IP address when you use services on the website or view website content;
  • When you place an order, to communicate with you using your contact details, including to arrange delivery by a licensed courier service provider;
  • When you subscribe to our newsletter until you unsubscribe (if the service is available);
  • When you register and/or take part in our tastings, initiatives, games and events – for the purposes of organising and conducting them;
  • When you request information or assistance via our contact form, to send you a personalised response;
  • For verification of information you have provided for identity confirmation and preventing abuse or breaches of the online store rules;
  • In the course of communications related to initiatives, events and other activities announced on the Site;
  • In any section of the Site where you knowingly and voluntarily provide personal information and data;
  • When making payments for your orders.

We do not collect special categories of personal data about you. “Special categories” refers to personal data requiring special treatment under data protection laws and, in certain circumstances, your explicit consent (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, biometric or genetic data, sex life or sexual orientation, or criminal convictions and offences, including information about alleged criminal activity).

Except for certain information required by law, providing personal data is voluntary. This means you will not suffer adverse consequences if you choose not to provide your personal data. However, if you do not provide certain information, we may be unable to achieve some or all of the purposes set out in this Privacy Policy, and you may be unable to use certain services that require such data. For more up-to-date information about the tools and systems we use, you may contact our Data Protection Officer.

Third Parties

Any parties to whom we may disclose your personal data have declared that they provide an adequate level of protection for your personal data. Sometimes, with your explicit consent given through partner tools, we may receive data from third parties, e.g., from your social media profiles such as Facebook or Google. Personal data may be disclosed to governmental and/or law-enforcement authorities where required by applicable law.

Our website uses cookies to store settings and identifiers necessary to provide the information described on the site. Some cookies are technically necessary for the proper functioning of the site. More information is available in our Cookie Policy (link to Cookie Policy document).

Use of Personal Data

Personal data you provide are processed and used by the www.bubbles.bg website of SIS Industries OOD solely for the purposes specified below, including in particular:

  • Providing, improving and maintaining our online services (including data analytics, identifying usage trends, and compiling statistics). These data are primarily quantitative and non-personalised.
  • Contact and order forms: If you use a contact form for inquiries or orders, the information you provide, including your contact details, is used to handle your inquiry or send products and may be stored for follow-up questions.
  • Responding to your inquiries;
  • Processing your orders, deliveries, payments, and communicating with you;
  • Sending information about features of our Site or news about our products;
  • Ensuring publicity and transparency of our activities;
  • Covering our events and achievements;
  • Informing you about changes to our policies;
  • Personalising our communications with you;
  • Sending newsletters, letters, invitations to events, and information about initiatives, activities and projects by e-mail or otherwise; registering or participating in an event;
  • Conducting research and developing our activities;
  • Detecting, investigating and preventing actions that may violate our policies or be unlawful;
  • Administering payments.

For each form on the website that involves providing personal data, you will find a specific notice explaining the purpose of collecting the data and your rights as a user.

We will process your personal data for the purposes above based on your prior consent where such consent is required under applicable law. We will not use your personal data for purposes incompatible with those for which you were informed unless required or permitted by law, or where it is in your vital interests (e.g., emergency medical assistance).

Protecting Your Personal Data

SIS Industries OOD has implemented appropriate information security measures to prevent accidental loss, unauthorised use or access, alteration or disclosure of your personal data. We also limit access to your personal data to those employees, external service providers and other third parties who have a legitimate need to know. They are subject to confidentiality obligations.

Before transferring your personal data to such parties, we take necessary steps to ensure your data receive adequate protection as required by applicable data protection laws and SIS Industries OOD’s internal policies. Given the nature of the Internet, please note that security gaps may occur in data transmission over the Internet (e.g., via e-mail), and complete protection against access by third parties is not possible.

As an organisation with offices and multiple physical points of sale and operations, personal data we collect may need to be transferred. Currently, the personal data we collect are processed primarily in the Republic of Bulgaria and within the European Economic Area (EEA) and are not transferred to third countries outside the EEA.

SIS Industries OOD maintains organisational, physical and technical security measures for all personal data it holds, supported by rules, policies, procedures and guidelines that take into account the risks associated with the categories of personal data. We apply leading industry security measures to protect your personal data.

Purposes of Processing Your Personal Data

SIS Industries OOD may collect, use, transfer, disclose and otherwise process your personal data in the context of facilitating communication with you (including in emergencies), operating and managing SIS Industries OOD’s business operations and systems, and complying with legal requirements. We will not use your personal data for purposes incompatible with those listed in this Privacy Policy unless required or permitted by law, or where it is in your vital interests (e.g., emergency medical assistance).

Legal Bases for Processing

SIS Industries OOD processes your personal data as permitted by applicable data protection laws and its internal policies. We process your personal data for the purposes set out in this Privacy Policy on one or more of the following legal bases:

  • to comply with a legal obligation to which SIS Industries OOD is subject;
  • because the information is necessary for the performance of a contract to which you are a party;
  • because the processing is necessary for the purposes of legitimate interests pursued by SIS Industries OOD or by a third party (as outlined below); or
  • where necessary to protect vital interests of any person.

SIS Industries OOD has legitimate interests in collecting and processing personal data, for example:

  • to ensure the security of SIS Industries OOD’s networks and information;
  • to administer and conduct business operations; and
  • to prevent fraud.

Where permitted by law and/or with your prior consent, SIS Industries OOD may process special categories of data and/or make automated decisions about you for the purposes specified in this Privacy Policy.

Access to Your Personal Data

Access to your personal data within SIS Industries OOD is limited to employees who need to know the information for the purposes described in this Privacy Policy. Where necessary, SIS Industries OOD may share your personal data with third parties such as service providers and public authorities. Before doing so, SIS Industries OOD takes steps to protect your personal data. All third-party service providers and professional advisers to whom your personal data are disclosed are expected and required to protect the confidentiality and security of your personal data and may use them only in accordance with applicable data protection laws.

Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected them, including to satisfy legal, accounting or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your data and whether those purposes can be achieved by other means, as well as applicable legal requirements.

Your Rights

Under the GDPR, you have certain rights regarding personal data we process about you, including:

  • Right of access – to know whether we process personal data about you and, if so, to obtain information and a copy of those data.
    You can request a copy by e-mailing export@sisindustries.bg or sales@sisindustries.bg. We aim to respond to all legitimate requests within one month; if we need more time, we will let you know.
  • Right to rectification – to ask us to correct personal data that are inaccurate or incomplete.
    Please contact export@sisindustries.bg or sales@sisindustries.bg; we will take reasonable steps to verify and, if necessary, correct the information.
  • Right to object / erasure / restriction – you may:
    • object to the processing of your personal data;
    • request erasure of your personal data (e.g., where they are no longer necessary for the stated purposes);
    • request restriction of processing (e.g., limited processing with your consent); or
    • ask us to stop using them where there is no need to continue processing (the “right to be forgotten”).

There may be legal grounds requiring us to retain or use your data; we will inform you where applicable. Where processing is based on your consent, you may withdraw your consent at any time by contacting our Data Protection Officer in writing (including by e-mail). Withdrawal will not affect processing carried out before the withdrawal or processing based on other legal grounds.

In some cases, we may be able to provide only partial assistance within the limits of the law (e.g., where we must keep certain personal data exactly as received from third parties or public registers). We may direct you to those third parties to exercise your rights with them.

If, despite our efforts, you believe your data protection rights have been violated, SIS Industries OOD will review any inquiry or complaint. You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection or to bring an action before the competent court.

Use of Your Personal Data When Visiting “Bubbles” / SIS Industries OOD Websites

SIS Industries OOD collects personal data through its websites in two ways:

  • directly (e.g., when you provide personal data to subscribe to a newsletter); and
  • indirectly (e.g., via our website technology).

We may collect and process:

  • Personal data you provide by filling in forms on our websites (e.g., website registration, service subscriptions, newsletters and communications, conference registration, or requests for information). Pages collecting such data may provide additional information on why the data are needed and how they will be used. You decide whether to provide them.
  • Records of correspondence if you contact us.
  • Technical information about your computer collected by our website, including (where available) IP address, operating system and browser type, for system administration, traffic filtering, user domain lookups and statistical reporting.
  • Details of your visits, pages viewed and resources accessed or downloaded, including (without limitation) traffic data, location data, weblogs and other communication data. See our Cookie Policy for more information.

Our websites may include:

  • Links to and from the websites of our partner networks and advertisers;
  • Certain third-party programs (widgets and applications). In such cases, those third parties may process personal data collected through such programs for their own purposes.

We do not provide any warranty or assume responsibility for such third-party websites or programs. Please review their terms of use and privacy statements before using them or providing information.

We use personal data for the purposes described above, as well as to provide information you request, to process requests, and for other purposes described below. For example: to personalise your access to our website and to contact you for marketing purposes. We analyse IP and browser information to determine what works best on our website and to identify improvements. See the Cookie Policy for more details.

Contacts

For questions concerning this Privacy Policy, please contact:
SIS Industries OOD, UIC: 040275584; 77 James Bourchier Blvd., 2nd floor, 1407 Sofia, Bulgaria.

For data protection matters at SIS Industries OOD: export@sisindustries.bg, sales@sisindustries.bg.

Complaints

If you are dissatisfied with how we have used your personal data, please let us know by e-mailing export@sisindustries.bg or sales@sisindustries.bg.
You also have the right to complain to the Bulgarian Commission for Personal Data Protection:
1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.;
Tel.: +359 2 91 53 518; Fax: +359 2 91 53 525;
E-mail: kzld@cpdp.bg; Website: https://www.cpdp.bg/.

By viewing and using the functions of our website, you expressly agree that your personal data will be collected and processed by us, and you confirm their accuracy and authenticity. You also declare that you have been informed about the types of personal data we collect and process, the purposes for which they will be used, and your rights to access, rectify or erase the personal data collected.

31 July 2025